One of the problems with hackers is that they are sometimes so hard to estimate.  Many hackers, such as the ones behind the WannaCry ransomware hack, are out to make a fast dollar from hijacking someone’s data and holding it for ransom.  But some hackers have started to create ransomware viruses simply to show off how skilled and talented they are at hacking. Take the recent Annabelle ransomware, for example.  This is a mess of a virus is based off the Conjuring/Annabelle horror movie franchise.

The Annabelle ransomware doesn’t just attack one aspect of the computer, such as encrypting data files until a ransom is paid to the hacker.  Instead, it will shut down a computer’s security programs such as Windows Defender, but also other programs including Task Manager, Process Explorer, and MSconfig.  Furthermore, it continues on by turning off the firewall and then encrypting files. It will also shut down many programs so they cannot be used, including Notepad, Chrome, and Internet Explorer.  If any flash drives plugged into a USB port, it will try to spread itself to those drives as well. (Fortunately, it tries this using autorun.inf files that are no longer supported by new versions of Windows.)

The ransomware got its name from a boot loader that features the creepy demon-possessed doll Annabelle.  This is written over the master boot record of an infected computer so that the boot loader is all one sees if the computer is restarted.  The boot loader will inform the user they must pay a ransom to remove the virus and there is a countdown clock on the computer. When the countdown reaches zero, the computer will be “broken,” implying permanent deletion of files.  If the user restarts the computer, the countdown will speed up.

Fortunately for those hit by this hack, it can be easily removed.  Security expert Michael Gillespie has been able to use his StupidDecryptor to unlock the files and was then able to remove the virus.

But Annabelle emphasizes the fact that ransomware is evolving from the previous familiar style of simply encrypting files for monetary gain.  That is why it is so important to have a security protocol in place that can stay ahead of these newer hacks.

Even with the best security in place, however, cyber risks are still significant and present a serious financial danger to virtually all businesses.  Therefore, business should implement strong, proactive security measures, as well as acquire robust cyber insurance coverage.